
@JamesHagerman
Last active April 7, 2024 12:50
Just some notes on getting wlan0->eth0 configured with hostapd and dnsmasq to turn a box into a router.

How to setup hostapd based router

Install some tools you'll need with: apt-get install -y hostapd dnsmasq wireless-tools iw wvdial

Note that some wifi cards just plain don't work with hostapd. Sorry.

Setup your network interfaces correctly

This is done in /etc/network/interfaces:

Note: use wpa_passphrase "ap name" "passphrase" to generate the wpa-psk value

# Loopback interface.
auto lo
iface lo inet loopback

# Configure eth0 for remote connection.
# eth0 is the upstream side: it takes its address from DHCP, and
# start-forwarding.sh masquerades the wifi clients' traffic out of it.
auto eth0
iface eth0 inet dhcp

# Disable USB since it seems to mess with things:
#auto usb0
#iface usb0 inet static
#    address 192.168.7.2
#    netmask 255.255.255.0
#    network 192.168.7.0
#    gateway 192.168.7.1

# Configure the first wifi module
allow-hotplug wlan0
auto wlan0
# Client mode (kept for reference, disabled). wpa-psk takes the value printed
# by wpa_passphrase for the network being joined.
#iface wlan0 inet dhcp
#	wireless-power off
#	wpa-ssid "SomeAP"
#	wpa-ap-scan 1
#	wpa-proto RSN
#	wpa-psk "lol"
#	post-up echo 1 > /proc/sys/net/ipv6/conf/wlan0/disable_ipv6
# Host mode: wlan0 gets the fixed address 10.0.0.1/24, which is the address
# dnsmasq hands to clients as their router and DNS server.
iface wlan0 inet static
	wireless-power off
	address 10.0.0.1
	netmask 255.255.255.0
	#gateway 10.0.0.1 # Shouldn't need this. We're not routing upstream on wlan0!
	#dns-nameservers 192.168.1.1 # Or this. We're not a client!
	wireless-mode Master
	# Configure forwarding to an upstream nic:
	# NOTE(review): ifup runs this script as root every time wlan0 comes up.
	# Keep the script and its directory owned by root and not writable by
	# any other user.
	post-up /root/dev/start-forwarding.sh # UPDATE THIS LOCATION!!!!!!!!!!
	# IPv6 is switched off on wlan0; start-forwarding.sh only sets up IPv4
	# forwarding and iptables rules, nothing for IPv6.
	post-up echo 1 > /proc/sys/net/ipv6/conf/wlan0/disable_ipv6

# Configure eth1 for sensing:
# "inet manual" assigns no address. The port is brought up with ARP off and
# promiscuous mode on, and both are undone when the interface goes down.
auto eth1
iface eth1 inet manual
	up ip link set dev $IFACE arp off
	#up ip address add 0.0.0.0 dev $IFACE
	up ip link set $IFACE  up
	up ip link set $IFACE promisc on
	down ip link set $IFACE promisc off
	down ip link set $IFACE down
	# Turn off every listed NIC offload feature (presumably so a capture sees
	# frames as they were on the wire -- confirm).
	post-up for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
	# No IPv6 on the sensing port either.
	post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6

Configuration for hostapd

You'll need to update /etc/init.d/hostapd to point to a config file at /etc/hostapd/hostapd.conf like this:

...
DAEMON_CONF=/etc/hostapd/hostapd.conf
...

Then create /etc/hostapd/hostapd.conf with these contents:

# cat /etc/hostapd/hostapd.conf 
# Interface hostapd runs the access point on.
interface=wlan0
#driver=nl80211 # apparently this isn't needed??
# Network name announced to clients, and the radio channel used.
ssid=FreeWifi
channel=1
# NOTE(review): no wpa=, wpa_passphrase= or wpa_key_mgmt= lines are set, so
# this is an open network. Anyone in range can join, and client traffic is
# not encrypted over the air. Add WPA2 settings if that is not intended.
#
# Yes, we support the Karma attack.
# NOTE(review): enable_karma does not appear to be an option of stock hostapd
# (it looks like it needs a patched build -- confirm). Leave it commented out
# for a normal access point.
#enable_karma=1

Configuration for dnsmasq

You'll need to either add the following to /etc/dnsmasq.conf or replace the file with something like:

# Configure the dnsmasq DHCP/DNS server for downstream hostapd clients on wlan0:
# Write dnsmasq's log to its own file instead of syslog.
log-facility=/var/log/dnsmasq.log
# Serve requests arriving on the access point interface.
interface=wlan0
# Lease pool 10.0.0.10 - 10.0.0.250, leases valid for 12 hours.
dhcp-range=10.0.0.10,10.0.0.250,12h
# DHCP option 3 (router) and option 6 (DNS server): both point clients at
# this box, 10.0.0.1, the static address of wlan0.
dhcp-option=3,10.0.0.1
dhcp-option=6,10.0.0.1
#no-resolv
# Log every DNS query. The log then records which names each client looked
# up, so restrict who can read /var/log/dnsmasq.log and rotate it.
log-queries

Script to setup forwarding and iptables correctly

# cat start-forwarding.sh 
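#!/bin/bash
#
# start-forwarding.sh - make this host a NAT router for the hostapd clients.
#
# Enables IPv4 forwarding in the kernel and installs the iptables rules that
# let clients on the downstream (access point) interface reach the upstream
# network. Must run as root; the wlan0 stanza in /etc/network/interfaces
# calls it from post-up.
#
# Each rule is added only when an identical rule is not already present, so
# running the script on every ifup does not pile up duplicates. Any failing
# step is reported on stderr and the script exits non-zero.
#
# NOTE(review): the rules below only ACCEPT. While the FORWARD chain policy
# is ACCEPT (the iptables default), every other forwarded packet is allowed
# too, including new connections from upstream towards the clients. Set
# `iptables -P FORWARD DROP` once nothing else on this box needs forwarding.
# NOTE(review): the MASQUERADE rule matches everything leaving $UPSTREAM;
# adding `-s 10.0.0.0/24` would limit it to the client subnet.

readonly DOWNSTREAM=wlan0 # wlan0 is client network (running hostapd)
readonly UPSTREAM=eth0    # eth0 is upstream network (internet)

# Print an error on stderr and stop.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Append an iptables rule unless an identical rule already exists.
# Arguments: $1 - table, $2 - chain, remaining - the rule specification
# Returns:   0 if the rule is present afterwards, non-zero otherwise
#######################################
ensure_rule() {
  local table=$1
  local chain=$2
  shift 2
  # -C exits non-zero when no matching rule exists; its message is expected
  # on the first run, so it is discarded.
  if iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
    return 0
  fi
  iptables -t "$table" -A "$chain" "$@"
}

echo "Telling kernel to turn on ipv4 ip_forwarding"
echo 1 > /proc/sys/net/ipv4/ip_forward \
  || die "could not enable ip_forward (not running as root?)"
echo "Done. Setting up iptables rules to allow FORWARDING"

# Allow IP Masquerading (NAT) of packets from clients (downstream) to upstream network (internet)
ensure_rule nat POSTROUTING -o "$UPSTREAM" -j MASQUERADE \
  || die "could not add the MASQUERADE rule"

# Forward packets from downstream clients to the upstream internet
ensure_rule filter FORWARD -i "$DOWNSTREAM" -o "$UPSTREAM" -j ACCEPT \
  || die "could not add the downstream->upstream FORWARD rule"

# Forward packets from the internet to clients IF THE CONNECTION IS ALREADY OPEN!
# conntrack/--ctstate is the current name of the obsolete state/--state match.
ensure_rule filter FORWARD -i "$UPSTREAM" -o "$DOWNSTREAM" \
  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT \
  || die "could not add the upstream->downstream FORWARD rule"

echo "Done setting up iptables rules. Forwarding enabled"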

Script to start hostapd and dnsmasq services

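#!/bin/bash
#
# Start the access point (hostapd) and the DHCP/DNS server (dnsmasq) for the
# clients on wlan0. Run as root.
#
# Both services are attempted even if the first one fails. If either fails,
# the service is named on stderr and the script exits non-zero instead of
# printing "Done!".

echo "Starting hostapd and dnsmasq so clients can connect on wlan0"

failed=0
for svc in hostapd dnsmasq; do
  if ! service "$svc" start; then
    printf 'error: failed to start %s\n' "$svc" >&2
    failed=1
  fi
done

if (( failed )); then
  exit 1
fi

echo "Done! Consider watching the logs with the 'watch-logs.sh' script"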

Then start watching the logs for client connections and DNS lookups:

#!/bin/bash
#
# Show the tail of the dnsmasq log and of the DHCP lease file, refreshed
# every second. With log-queries set in dnsmasq.conf, the log lists the DNS
# names clients look up, so treat what is shown here as sensitive.

readonly QUERY_LOG=/var/log/dnsmasq.log
readonly LEASE_FILE=/var/lib/misc/dnsmasq.leases

printf '%s\n' "Starting to watch the logs..."
# Short pause before the display takes over the terminal.
sleep 2
watch -n1 tail -n20 "$QUERY_LOG" "$LEASE_FILE"

To stop the whole rig

#!/bin/bash
#
# Take the access point down: stop hostapd, then dnsmasq.
#
# Only these two services are stopped. The iptables rules and the
# /proc/sys/net/ipv4/ip_forward setting made by start-forwarding.sh are not
# touched here and stay in effect.

printf '%s\n' "Stopping hostapd and dnsmasq..."
for svc in hostapd dnsmasq; do
  service "$svc" stop
done
printf '%s\n' "Done! No more wifi for those losers!"